Petya ransomware attack strikes companies across Europe US

After Wanncry ransomware attack, the new Petya ransomware attack is in the news. The Petya ransomware attack strikes companies across Europe US and Ukraine. Many organizations have been victim of this attack. After Wannacry this is the second largest attack observed across the globe. Like WannaCry, Petya ransomware spreads rapidly through networks that use Microsoft Windows operating systems. The Petya ransomware has caused serious disruption at large firms. This includes the advertising giant WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft.

Ransomware is a variant of malware. Once it enters the computer, it blocks the access to data and demands huge money to decrypt the files. While it’s still not clear on who’s behind this but it seems likely it is someone who wants to just make money out of this.

Source – Pic from Twitter

The infected computers display the following message. If you see this text, then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service. To decrypt the files the attacker demands a $300 ransom in the Bitcoin digital currency. Most of all the attacker asks to send the Bitcoin wallet ID and personal installation key to email. However the email address has been shutdown by email provider posteo.net. So there is no way to pay the ransom and get files decrypted.

Source – Pic from twitter by Hacker Fantastic

What to do if affected by ransomware – Remember that this ransomware encrypts the files post the reboot. As per the tweet from hacker fantastic, it’s advised to power off your computer if you see something like this. The message displayed is do not turn off your pc. But to stop the encryption, you have to power off the pc immediately.